Age | Commit message (Collapse) | Author |
|
|
|
Reported-by: Thomas Muenz
|
|
|
|
|
|
- Use `extern "C"` instead of `extern "system"`. The latter selects
stdcall, which is only appropriate for talking to the Windows API.
|
|
|
|
- Do not hardcode the lifetime in the trait.
|
|
- We hash type names to create a compile-time-constant value for the
runtime type checks in the wrapper types. Use sha2 instead of
nettle, because the former is a pure-rust implementation, and
doesn't require nettle at runtime. This makes building easier
because we do not require nettle to be in the dynamic linker path
at compile time.
|
|
|
|
- We cannot use move_from_raw() here, because there may be no object
to move from raw.
|
|
- Use an absolute path for the 'io' module.
|
|
- Explicitly use the Parse and Serialize traits so that the modules
that derives these functions do not have to use them explicitly.
|
|
|
|
- Previously, it was impossible to use the ffi_wrapper_type macro
twice in the same module because importing a trait twice
introduces a conflict.
|
|
|
|
|
|
|
|
|
|
|
|
- This way we can easily introduce new transformations.
|
|
- Using absolute paths allows us to use types without having the
user to 'use' them.
|
|
|
|
|
|
|
|
- A consequence of using wrapper types in the API is that we can no
longer hand out references. For example, with the recently
introduced wrapper types, pgp_tsk_tpk no longer works, as it
returns bare references.
- With this change, we wrap immutable and mutable references to
objects. It presents an opportunity for a uniform API (i.e. just
always free references you got from us), and for us the ability to
track mutability of references.
|
|
- A wrapper object may be deallocated either if the object is
freed *or* the object is moved. Change the error message to
mention both of these possibilities.
|
|
- When we transfer ownership from C to Rust, we move the wrapped
object out of the wrapper, and poison the wrapper.
- This prevents reuse of the wrapper object. When a stale reference
is given to us, we check the tag encoding the type information.
- If the tag field is poisoned, we can produce a more helpful error
message. This is not exact, of course. As soon as the memory is
reused, our tag is overwritten.
|
|
- This change adds a tag to the derived wrapper types that identify
the type of the wrapped value.
- At runtime, we can verify that references to wrapper objects
indeed carry the right tag.
- Fixes #166.
|
|
- With the abstractions for moving ownership and references across
the FFI boundary, we can now switch to actually using the wrapper
types by changing the function signatures to use the wrapper type,
and updating the generated functions.
|
|
|
|
- This is a framework for dealing with ownership and references at
the FFI boundary. Previously, we used macros to do that. This
change introduces a more idiomatic interface, we use traits
converting from raw pointers of a wrapper type to objects,
references, or mutable references to a wrapped type.
- For now, we use the wrapped type as wrapper type. We merely
introduce a new mechanism replacing the macro-based one.
- This patch also converts all the derived functions.
- The following patches will convert all the functions that are
already using the ffi_wrapper_type. Once this conversion is done,
we can introduce our own wrapper type.
|
|
- Note that the wrapper type is not actually used for now, the
functions still operate on the original type. But, this lets us
derive functions, and for that we merge it now.
- See #166.
|
|
- Use the parenthesis token to preserve location information.
|
|
- This crate contains macros for Sequoia's FFI crate(s). Having it
in a separate crate means that we can share it when we split the
FFI crate into two.
- More importantly, we need a separate crate if we want to create
procedural macros.
- As first macro, this patch adds ffi_catch_abort that wraps a
function's body in a catch_unwind block, aborting on panics.
|